Description
Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Thomas Pollet · text · dos · windows
https://www.exploit-db.com/exploits/28343
References (3)
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19364
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html
Various Sources x_refsource_misc
http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511
Scores
EPSS: 0.1800
EPSS Percentile: 95.2%
Details
Status: published
Products (13)
canon/network_camera_server_vb101
microsoft/ie 6 (13 CPE variants)
microsoft/ie 6.0 (9 CPE variants)
microsoft/ie 7 (4 CPE variants)
microsoft/ie 7.0 (3 CPE variants)
microsoft/internet_explorer 6 sp1
microsoft/internet_explorer 6.0
microsoft/internet_explorer 6.0.2600
microsoft/internet_explorer 6.0.2800
microsoft/internet_explorer 6.0.2800.1106
... and 3 more
Published: Mar 02, 2007
Tracked Since: Feb 18, 2026